USN-1543-1: Config-IniFiles vulnerability

Ubuntu Security Notice USN-1543-1

libconfig-inifiles-perl vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Ubuntu 11.10

Ubuntu 11.04

Ubuntu 10.04 LTS

Summary

Config-IniFiles could be made to overwrite arbitrary files.

Software description

libconfig-inifiles-perl
- Perl module for working with INI configuration files

Details

It was discovered that the perl Config::IniFiles module created temporaryfiles in an unsafe manner. A local user with write access to the directorycontaining a configuration file that Config-IniFiles manipulates couldexploit this to overwrite arbitrary files.

Update instructions

The problem can be corrected by updating your system to the following
package version: